Lantronix SLC 8000 Advanced Console Manager User Guide - Page 143

7: Services V3 User Read-Write User Name SNMP v3 is secure and requires user-based authorization to access SLC MIB objects. Enter a user ID for users with read-write authority. The default is snmprwuser. Up to 20 characters. Password/ Password for the user with read-write authority to use to access SNMP v3. The default Retype Password is SNMPRWPASS. Up to 20 characters. Passphrase/ Retype Passphrase Passphrase associated with the password for a user with read-write authority. Up to 20 characters. If this is not specified it will default to the v3 Read-Write Password. V3 User Trap User Name SNMP v3 is secure and requires user-based authorization to access SLC unit MIB objects. Enter a user ID for users with authority to send traps. The default is snmptrapuser. Up to 20 characters. Password/ Password for the user with authority to send v3 traps. The default is Retype Password SNMPTRAPPASS. Up to 20 characters. Passphrase/ Retype Passphrase Passphrase associated with the password for a user with authority to send v3 traps. Up to 20 characters. If this is not specified it will default to the v3 Trap Password. 3. To save, click the Apply button. Version 3 TLS (over TCP) SNMP v3 over TLS requires three X.509 certificate files for authenticating the SLC SNMP agent with a client or tool that queries the agent for information. SNMP v3 also requires two X.509 certificate files for authenticating the SLC client application that issues traps with the NMS application that receives traps. The certificates required for the modes are:  For authenticating an SLC agent with a client or tool that queries the agent: the certificate authority (or root) file, certificate file, and private key file are required.  For authenticating an SLC client application that issues traps with the NMS application that receives the traps: certificate authority (or root) file and client (or trap) certificate file are required. If the SLC is used in both the modes, the agent certificate file and client (or trap) certificate file must share the same the certificate authority (or root) file. All certificate files should be in PEM format, e.g.: -----BEGIN CERTIFICATE----(certificate in base64 encoding) -----END CERTIFICATE----- Certificate fingerprints may be required by applications interfacing the SNMP applications of SLC when TLS is used. SLC will display the SHA1 and SHA256 fingerprint of the certificate authority and certificate files when they are uploaded into SLC. The fingerprint of the client certificate must also be configured when authenticating the SLC agent with a client or tool that queries the agent. For information about generating a certificate authority (or root) file, agent (or server) certificate and key, and client certificate and key with OpenSSL, see Creating a Certificate. We recommend you to set the message digest used when creating the certificates to SHA1 or SHA256, depending on the level of security required. When SLC is in FIPS mode, only certificates with a message digest of SHA256 or higher are allowed. To set the message digest used by OpenSSL, in step (1b) SLC™ 8000 Advanced Console Manager User Guide 143